General

Target: ASTRO-GREP.bin
Size: 47KB
Sample: 210719-ftdjf8njlx
MD5: 432f0e0aab658de046d8b41d2cef8253
SHA1: 7ba5b175ffb4bb976c54177f9c40a7339a088654
SHA256: 17d1c0045155ad9c523c07e0f37aa16cd036915f38b73090d8d8ba930db149fb
SHA512: bac97805d8fcba49b7bde5067911b293622c610a65f2a2fc527a6c890be8e79c6ca9c9676786b1eaac19ecbdb16562efee2d7c985707fc04e57e4e3033c75b0b
Behavioral task

behavioral1
Sample: ASTRO-GREP.bin.exe
Resource (sandbox image): win7v20210410
Malware Config

Extracted

Family: asyncrat
Version: 0.5.7B
C2 (host:port): null:null
Mutex: Mutex_6SI8OkPnk

aes_key: ZgOTIhSVzSTSosv4ITYrzailHXWOHyEM
anti_detection: true
autorun: true
bdos: false
delay: SWARM-SHOP
host: null
hwid: 20
install_file: (blank in the extracted config)
install_folder: %AppData%
mutex: Mutex_6SI8OkPnk
pastebin_config: https://pastebin.com/raw/VTByvKGM
port: null
version: 0.5.7B

Note: host and port are null because pastebin_config is set. An AsyncRAT client with a Pastebin URL configured downloads the raw paste at runtime and splits it into host:port, so the real C2 endpoint is whatever that paste contained at execution time and is not embedded in the binary; this is the behaviour behind the "Legitimate hosting services abused for malware hosting/C2" signature below.

Note: delay is normally an integer number of seconds in AsyncRAT settings and hwid is normally a string, so the string value in delay and the number in hwid look like a field-alignment error in the extractor output. Verify these two fields against the decrypted settings before using them as indicators.
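The aes_key above is not used as the AES key directly. AsyncRAT's Aes256 helper runs it through PBKDF2-HMAC-SHA1 (50000 rounds, a salt hard-coded in the source) to obtain a 32-byte AES-256 key followed by a 64-byte HMAC-SHA256 key, and every encrypted setting in the binary is Base64 of HMAC-SHA256(IV || CT) || IV || CT with CT being AES-CBC/PKCS7 of the setting value. The Go program below is an added worked example, not code from the sandbox or from the AsyncRAT project: the salt, round count and blob layout are taken from the public AsyncRAT source; the sample blob is constructed inside the program with the key from this config (it is not a string carved from ASTRO-GREP.bin); and splitting the derived stream into AES key then HMAC key assumes the standard sequential-read behaviour of Rfc2898DeriveBytes.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"hash"
)

// Salt hard-coded in the Aes256 helper of the public AsyncRAT source; both keys derive from it.
var asyncRatSalt = []byte{
	0xBF, 0xEB, 0x1E, 0x56, 0xFB, 0xCD, 0x97, 0x3B, 0xB2, 0x19, 0x02, 0x24, 0x30, 0xA5, 0x78, 0x43,
	0x00, 0x3D, 0x56, 0x44, 0xD2, 0x1E, 0x62, 0xB9, 0xD4, 0xF1, 0x80, 0xE7, 0xE6, 0xC3, 0x39, 0x41,
}

// PBKDF2 rounds, AES-256 key length, HMAC-SHA256 key length, leading tag length, CBC IV length.
const iterations, keyLen, authKeyLen, hmacLen, ivLen = 50000, 32, 64, 32, 16

// Pbkdf2 implements PBKDF2 (RFC 8018); .NET's Rfc2898DeriveBytes uses HMAC-SHA1 as the PRF.
func Pbkdf2(password, salt []byte, iter, outLen int, h func() hash.Hash) []byte {
	prf := hmac.New(h, password)
	out := make([]byte, 0, outLen)
	for block := uint32(1); len(out) < outLen; block++ {
		prf.Reset()
		prf.Write(salt)
		prf.Write([]byte{byte(block >> 24), byte(block >> 16), byte(block >> 8), byte(block)}) // INT(i)
		u := prf.Sum(nil)              // U1 = PRF(P, S || INT(i))
		t := append([]byte(nil), u...) // T_i = U1 ^ U2 ^ ... ^ Uc
		for i := 1; i < iter; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t { t[j] ^= u[j] }
		}
		out = append(out, t...)
	}
	return out[:outLen]
}

// deriveKeys mirrors Rfc2898DeriveBytes(masterKey, Salt, 50000).GetBytes(32) then GetBytes(64):
// two consecutive reads of one PBKDF2 stream, so the HMAC key is bytes 32..96 of that stream (assumption).
func deriveKeys(masterKey string) (aesKey, authKey []byte) {
	stream := Pbkdf2([]byte(masterKey), asyncRatSalt, iterations, keyLen+authKeyLen, sha1.New)
	return stream[:keyLen], stream[keyLen:]
}

// DecryptString decrypts one Base64 config string laid out as HMAC-SHA256(IV||CT) || IV || CT,
// where CT is AES-256-CBC with PKCS7 padding over the setting's UTF-8 bytes.
func DecryptString(masterKey, b64 string) (string, error) {
	blob, err := base64.StdEncoding.DecodeString(b64)
	if err != nil { return "", err }
	if len(blob) < hmacLen+ivLen+aes.BlockSize || (len(blob)-hmacLen-ivLen)%aes.BlockSize != 0 {
		return "", fmt.Errorf("blob length %d is not HMAC || IV || whole AES blocks", len(blob))
	}
	aesKey, authKey := deriveKeys(masterKey)
	mac := hmac.New(sha256.New, authKey)
	mac.Write(blob[hmacLen:])
	if !hmac.Equal(mac.Sum(nil), blob[:hmacLen]) { // checked before any decryption, as the RAT does
		return "", fmt.Errorf("HMAC mismatch: wrong aes_key or corrupted blob")
	}
	block, err := aes.NewCipher(aesKey)
	if err != nil { return "", err }
	pt := make([]byte, len(blob)-hmacLen-ivLen)
	cipher.NewCBCDecrypter(block, blob[hmacLen:hmacLen+ivLen]).CryptBlocks(pt, blob[hmacLen+ivLen:])
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return "", fmt.Errorf("bad PKCS7 padding")
	}
	return string(pt[:len(pt)-n]), nil
}

// EncryptString is the inverse; it exists here only to build constructed sample blobs for a round trip.
func EncryptString(masterKey, plaintext string) (string, error) {
	aesKey, authKey := deriveKeys(masterKey)
	block, err := aes.NewCipher(aesKey)
	if err != nil { return "", err }
	n := aes.BlockSize - len(plaintext)%aes.BlockSize
	padded := append([]byte(plaintext), bytes.Repeat([]byte{byte(n)}, n)...)
	body := make([]byte, ivLen+len(padded)) // IV || CT
	if _, err := rand.Read(body[:ivLen]); err != nil { return "", err }
	cipher.NewCBCEncrypter(block, body[:ivLen]).CryptBlocks(body[ivLen:], padded)
	mac := hmac.New(sha256.New, authKey)
	mac.Write(body)
	return base64.StdEncoding.EncodeToString(append(mac.Sum(nil), body...)), nil
}

func main() {
	const key = "ZgOTIhSVzSTSosv4ITYrzailHXWOHyEM" // aes_key from the extracted config above
	enc, _ := EncryptString(key, "Mutex_6SI8OkPnk")  // constructed sample, not a string carved from the binary
	dec, err := DecryptString(key, enc)
	fmt.Printf("%s -> %q err=%v\n", enc, dec, err)
	_, err = DecryptString("not-the-key", enc)
	fmt.Println("wrong key:", err)
}
```

To use it on a real sample, pass the Base64 strings from the binary's Settings class to DecryptString with this aes_key. A tag mismatch with the right key usually means a fork that changed the salt or the blob layout (several AsyncRAT derivatives do), so a practitioner who only needs the AES key may drop the tag check; it is kept here because it is what the implant does before it decrypts anything.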
Targets

Target: ASTRO-GREP.bin (47KB, SHA256 17d1c0045155ad9c523c07e0f37aa16cd036915f38b73090d8d8ba930db149fb; full hash set under General)

Signatures:
- Async RAT payload
- Executes dropped EXE
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2